Tony Morbin explains why universities are at risk from hackers and what they should be doing to defend themselves.
Last month the DoppelPaymer crime gang attacked Newcastle University with ransomware. With many IT services not operating, the university reported that “it will take several weeks” to address the issues”.
In the UK, 35 out of 103 universities responding to a poll by ToppLine Comms admitted to being attacked by ransomware over the past five years. Of these, 34 said they did not pay ransoms (Liverpool John Moores was non-committal). Of the rest, 25 said they hadn’t been attacked and 43 refused to answer.
But elsewhere ransoms are being paid. Over the summer the University of California San Francisco (UCSF), working on a cure for Covid-19, paid a US$ 1.14 million (£910,000) ransom to the Netwalker hacking gang. Netwalker is reportedly linked to at least two other ransomware attacks on universities in the past few months.
Following a spike in attacks during August, the UK National Cyber Security Centre (NCSC) issued a warning for schools, colleges and universities advising them on the steps they must take to ensure they are protected.
Why are universities at risk from hackers?
The vulnerabilities of educational establishments are not new, and should be better acknowledged. Educational institutions face cyber-threats due to the valuable information stored on their networks and the ability for threat actors to use their network infrastructure to launch operations against other targets. Chris Ross at Barracuda Networks puts it like this: “University servers store a wealth of invaluable data including confidential research and sensitive student and staff information, such as addresses, passwords and even payment details. This makes higher-education institutions a hot target for opportunistic cybercriminals looking to acquire such data for financial gain.”
Involvement in research programmes that may have a potentially high economic payoff or support sensitive government research contracts is another factor. This is believed to be the motivation behind the high number of attacks that have been attributed to China and Iran in recent years.
In addition, university networks are seen as difficult for administrators to effectively secure, given the network’s typical size and the number of users, as well as the need for internal and external users to access and share information 24/7.
Chris Sherry at Forescout, describes how universities also struggle with the growing challenge of the Internet of Things (IoT) and BYOD as students, teachers and other personnel bring an average of three devices per person to campus and connect them to the WiFi, opening the entire network up to myriad vulnerabilities. Many university resources such as lab equipment, engineering machinery and medical tools are increasingly being connected to the internet: “Even a printer in the library that hasn’t had its default password changed could open the door to a huge breach.”
Another factor predisposing the university sector to threat is kudos. Oxford University has noted, “…launching a successful attack would be regarded in criminal (or hacktivist) circles as a noteworthy achievement, particularly in view of Oxford’s high public profile”. Other leading institutions are similarly targeted, with attackers disrupting website access, defacing web pages, or stealing and exposing the organisation’s sensitive information.
Increasing cyber attacks
A report by Checkpoint found the increase in attacks targeting the education and research sector differs across the USA, Europe and Asia with more DDoS attacks in the US, increased information disclosure attempts in Europe and more vulnerability exploits in Asia.
It reports weekly attacks in the academic sector in July-August increased by 30%, from 468 to 608 compared to the previous two months, while the general increase in the US was 6.5%. For Europe the respective figures were an increased by 24% from 638 to 793 among educational institutions, while the general increase was 9%. And in Asia academia suffered 1,598 weekly attacks, up 21% from 1,322 while attacks across all sectors averaged 3.5%.
Every year almost a third of academic network users are new, often newly financially independent, and delivering fresh data assets. This, combined with the pandemic and increased online learning, has made new students especially vulnerable to Coronavirus-based phishing scams pushing ransomware.
Coronavirus has ensured there is no corner of academia that has not moved online and thus become subject to the inherent risks of being connected, vulnerable to criminals and state actors alike.
To protect both its users and its own assets, all educational institutions must follow NCSC advice and put their online security on a par with the most cutting-edge research.
Tony Morbin is a freelance writer
Main image courtesy of iStockPhoto.com